
Install & Enable Sysmon

Install Sysmon

First, search for Sysmon.

Here is the link: https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

Next, search for “olaf hartong sysmon” and click the link to the GitHub repository. Once you arrive at the repository, click Code and then Download ZIP. At this point, we should have 2 files downloaded: Sysmon and sysmon-modular-master.

Now, open File Explorer, go to the C drive, and navigate to Program Files. Create a new folder there and name it Sysmon. Then navigate to the Downloads folder, right-click the Sysmon file, and choose Extract All. We want to extract the data to C:\Program Files\Sysmon.

Repeat the same step with sysmon-modular-master, extracting it to C:\Program Files\Sysmon as well. Now, go inside the sysmon-modular-master folder, drag all of its contents out into C:\Program Files\Sysmon, and delete the empty sysmon-modular-master folder.

The Sysmon folder should now hold the Sysmon executables together with the sysmon-modular files, including sysmonconfig.xml.

Enable Sysmon

Now, launch the command prompt as administrator.

Navigate to: C:\Program Files\Sysmon

Execute this command in the command prompt: Sysmon64.exe -i sysmonconfig.xml

A license agreement window will pop up; click Agree. Now, open Services. Sysmon should show up in the list of services.
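
The same procedure as a PowerShell script, with a signature check on the binary and a look at the Sysmon event log at the end. This is an added example, not part of the original walkthrough; it assumes the two downloads are named Sysmon.zip and sysmon-modular-master.zip and sit in the current user's Downloads folder, and that C:\Program Files\Sysmon does not yet contain files from an earlier attempt.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of the manual steps above.
# Assumption: both archives are in the current user's Downloads folder
# under these names; adjust if your browser saved them differently.
$ErrorActionPreference = 'Stop'
$downloads  = Join-Path $env:USERPROFILE 'Downloads'
$sysmonZip  = Join-Path $downloads 'Sysmon.zip'
$modularZip = Join-Path $downloads 'sysmon-modular-master.zip'
$target     = 'C:\Program Files\Sysmon'

foreach ($zip in $sysmonZip, $modularZip) {
    if (-not (Test-Path $zip)) { throw "Missing archive: $zip" }
}

# Create the folder and extract both archives into it.
New-Item -ItemType Directory -Path $target -Force | Out-Null
Expand-Archive -Path $sysmonZip  -DestinationPath $target -Force
Expand-Archive -Path $modularZip -DestinationPath $target -Force

# Move the contents of sysmon-modular-master up one level, then delete it.
$nested = Join-Path $target 'sysmon-modular-master'
Get-ChildItem -Path $nested -Force | Move-Item -Destination $target -Force
Remove-Item -Path $nested -Recurse -Force

# Check the Authenticode signature before running the binary as administrator.
$exe = Join-Path $target 'Sysmon64.exe'
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    throw "Unexpected signature on ${exe}: $($sig.Status)"
}

# Install the driver and service with the sysmon-modular configuration.
# -accepteula answers the license prompt that the manual install shows.
& $exe -accepteula -i (Join-Path $target 'sysmonconfig.xml')
if ($LASTEXITCODE -ne 0) { throw "Sysmon install failed with exit code $LASTEXITCODE" }

# Confirm the service is running and that events are being written.
Get-Service -Name 'Sysmon64' | Format-Table Name, Status, StartType
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Format-Table TimeCreated, Id, Message -Wrap
```

Run it from an elevated PowerShell window. The final table should list recent Sysmon events; an empty or missing log means the service did not start.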